Re: Reaction to potential PGP schism

2023-12-21 Thread Cyril Brulebois
I'm thinking Yubikeys and the like, but also HSMs that might be on the critical path to sign things like GRUB, linux (at least for now), etc. Even if we end up with a brand new gnupg release on the relevant signing host(s), I fear hardware devices might not feature all the bits that are needed

Re: amd64 running on Intel Celeron and Pentium?

2022-04-17 Thread Cyril Brulebois
Elmar Stellnberger (2022-04-17): > I haven´t heard yet of a Pentium IV supporting amd64. > Likely it does not exist. https://en.wikipedia.org/wiki/List_of_Intel_Pentium_4_processors seems to disagree in general. Willamette seems to be old enough to be 32-bit only though. Cheers, --

Re: Problems with shim and shim-signed in unstable, and proposed solutions to unblock us

2019-03-04 Thread Cyril Brulebois
ding a binary package for real, even if in a chroot with some specific versions also looks cleaner to me than repacking and re-uploading old binaries. Long story short: #3 looks good to me. Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I relea

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-02 Thread Cyril Brulebois
Hi, Daniel Reichelt (2015-11-03): > Hi * > > the amd64 build for 0.8-3+deb8u2 seems to be missing from [1]. > > Is this an error or am I missing something? > > > Thanks > Daniel > > > [1] http://security.debian.org/pool/updates/main/libv/libvdpau/ If I'm reading wanna-build right, it's Upl

Re: apt-build - Authentication warning overridden. - security issue?

2015-03-19 Thread Cyril Brulebois
Patrick Schleizer (2015-03-18): > Hi, > > I was running: > sudo apt-build install ccache > > And the output contained a message: > > WARNING: The following packages cannot be authenticated! > ccache > Authentication warning overridden. > > Is this just how apt-build works or could this be a

Re: [SECURITY] [DSA 3053-1] openssl security update

2014-10-18 Thread Cyril Brulebois
Jonathan Wiltshire (2014-10-18): > Technically nothing is blocked yet (except udebs) They were only blocked for a tiny number of days. Mraw, KiBi.

Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread Cyril Brulebois
Conrad Nelson (2014-09-27): > On Sun, 2014-09-28 at 06:33 +1000, Andrew McGlashan wrote: > > On 28/09/2014 4:29 AM, Martin Holub wrote: > > > Please according to the Security Tracker [1,2] both are fixed in stable > > > and oldstable. > > > > NOT QUITE . fixed in stable [wheezy] > > and "o

Re: Checking for services to be restarted on a default Debian installation

2014-09-01 Thread Cyril Brulebois
Thijs Kinkhorst (2014-09-01): > My questions to this list: > - Do people agree that this would be something that's good to have in > a default installation? Are there drawbacks? Having to know about debian-goodies always looked awkward to me. A dedicated, easy to identify package looks like a n

Re: CVE-2012-5560 (mate-settings-daemon): not an issue with any package version in Debian

2014-08-04 Thread Cyril Brulebois
Hi, Mike Gabriel (2014-08-04): > Dear security team, > > Please note that no package version of mate-settings-daemon in > Debian is affected by CVE-2012-5560. See [1] for the fix applied > upstream over a year ago. > > Can you please update information provided at [2]? > > Thanks! > Mike > >

Re: Missing ISO hash

2014-07-14 Thread Cyril Brulebois
Djones Boni <07ea86b...@gmail.com> (2014-07-14): > The Debian 7.6 update ISO hashes are missing on bt-dvd directory. > http://cdimage.debian.org/debian-cd/7.6.0/amd64/bt-dvd/MD5SUMS > http://cdimage.debian.org/debian-cd/7.6.0/*/bt-dvd/MD5SUMS > > They can be found in iso-dvd and jigdo-dvd. > http:

Re: USN-2192-1: OpenSSL vulnerabilities

2014-05-06 Thread Cyril Brulebois
Testosticore (2014-05-07): > Aren't we affected by this, too? > > http://www.ubuntu.com/usn/usn-2192-1/ Checking the security tracker would seem like an idea? https://security-tracker.debian.org/tracker/CVE-2010-5298 https://security-tracker.debian.org/tracker/CVE-2014-0198 Mraw, KiBi. si

Re: SHA256SUM/MD5SUM check sums do not match for installer-i386

2014-03-07 Thread Cyril Brulebois
Hi, m...@xlist.pw (2014-03-07): > Hi, > > I downloaded wheezy from > > ftp://ftp2.de.debian.org/debian/dists/wheezy/main/installer- > i386/current/images/* > > ftp://ftp.debian.org/debian/dists/wheezy/main/installer-i386/current/images/* > > and > > ftp://ftp.nl.debian.org/debian/dists/wheez

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

2013-12-14 Thread Cyril Brulebois
Steven Chamberlain (2013-12-14): > On 14/12/13 01:08, Henrique de Moraes Holschuh wrote: > > Yeah, I think Linux went through similar blindness braindamage sometime ago, > > but blind trust on rdrand has been fixed for a long time now, and it never > > trusted any of the other HRNGs (or used them

Re: MIT discovered issue with gcc

2013-11-23 Thread Cyril Brulebois
Stefan Roas (2013-11-23): > On Sat Nov 23, 2013 at 10:18:43, Robert Baron wrote: > > Second question: > > > > Doesn't memcpy allow for overlapping memory, but strcpy does not? Isn't > > this why memcpy is preferred over strcpy? > > Nope. There's memmove for overlapping areas. Indeed, easy enou

Re: There is Pidgin in security updates with same version but different checksum

2013-10-03 Thread Cyril Brulebois
Marko Randjelovic (2013-10-04): > The package from security looks like error because it does not appear > in apt-cache show, but exists in lists file and in > http://security.debian.org/pool/updates/main/p/pidgin/. Can you please elaborate? The above has got: 2.7.3-1+squeeze3 Current status acro

Re: Upcoming stable point release (7.2)

2013-09-22 Thread Cyril Brulebois
Adam D. Barratt (2013-09-22): > The next point release for "wheezy" (7.2) is scheduled for Saturday > October 12th. Stable NEW will be frozen during the preceding weekend. So there's a new linux kernel for that one: http://womble.decadent.org.uk/blog/linux-kernel-update-for-wheezy-3251-1.html

Re: Upcoming oldstable point release (6.0.8)

2013-09-22 Thread Cyril Brulebois
Adam D. Barratt (2013-09-22): > The next point release for "squeeze" (6.0.8) is scheduled for Saturday > October 19th. Oldstable NEW will be frozen during the preceding > weekend. > > As usual, base-files can be uploaded at any point before the freeze. I don't think I have anything d-i-ish for

Re: gpg signatures for Wheezy images

2013-02-22 Thread Cyril Brulebois
adrelanos (22/02/2013): > Stable, http://cdimage.debian.org/debian-cd/6.0.6/i386/iso-dvd/ contains > gpg signatures. > > Wheezy, > http://cdimage.debian.org/cdimage/weekly-builds/i386/iso-dvd/ does > not contain gpg signatures. > > Can you offer gpg signatures for Wheezy as well please? http://

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-15 Thread Cyril Brulebois
Hi, daniel curtis (15/12/2012): > Kernel 3.7 is officially out. This Linux release includes many > improvements practically in every aspect. Many changes also concerns > security. Very interesting are: Cryptographically-signed kernel > modules and - long awaited > - > symlink and hardlink restric

Re: [SECURITY] [DSA 2566-1] exim4 security update

2012-10-26 Thread Cyril Brulebois
Tomas Pospisek (26/10/2012): > They don't seem to be available anywhere I look, particularly not > in the http://security.debian.org/ package repository or in the > standard debian package repository neither for unstable nor for > wheezy. > > http://incoming.debian.org/ has the versions indicate

Re: [SECURITY] [DSA 2550-1] asterisk security update

2012-09-19 Thread Cyril Brulebois
Hi. Herman van Rink (19/09/2012): > On 09/18/2012 11:40 PM, Michael Kozma wrote: > > Hello, > > > > I have an error with my sip config since i have updated the asterisk > > package : > > > > monitoring*CLI> module load sip > > Unable to load module sip > > Command 'module load sip' failed. > > [S

Re: python 2.6.6 -> python 2.6.8

2012-06-25 Thread Cyril Brulebois
Marc Haber (25/06/2012): > phyton is not listed in (ahah) > http://security-tracker.debian.org/tracker/CVE-2011-3389, does that > mean that nobody yet identified python as being affected? How can > python be added here? Surely the links in “Please help us keep this information up-to-date by rep

Re: Upcoming stable point release (6.0.5)

2012-05-14 Thread Cyril Brulebois
Shaun (14/05/2012): > How are they different to the usual drip-feed of security updates that > you get from day-to-day via 'apt-get update; apt-get upgrade' ? Are > point updates likely to contain non-security related fixes? i.e. > important but not CRITICAL updates? > > I'm just wondering why t

Re: [SECURITY] [DSA 2670-1] wordpress security update

2012-05-12 Thread Cyril Brulebois
Marc Gorzala (11/05/2012): > we don't use debian-wordpress on c anyway Please set proper To/Cc fields and leave this list alone, thanks already. Mraw, KiBi.

Re: Antw: Re: [SECURITY] [DSA 2378-1] ffmpeg security update

2012-01-04 Thread Cyril Brulebois
Robyn Hurst (04.01.2012): > Please remove me from this mailing list. Stefan Grzenkowski (04/01/2012): > please remove me,too What about this? Both of you go read the mail you're replying to, and then do what's mentioned there to get unsubscribed? kthxbye. Mraw, KiBi.

Re: [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation

2011-01-11 Thread Cyril Brulebois
Florian Weimer (11/01/2011): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2122-2 secur...@debian.org > http://www.debian.org/security/F

Re: Nessus to be removed from Debian, please switch to OpenVAS

2009-08-02 Thread Cyril Brulebois
Javier Fernández-Sanguino Peña (02/08/2009): > I encourage people that are looking for an alternative to Nessus to switch to > OpenVAS (Open Vulnerability Assessment Scanner) which is a Nessus fork (based > on the 2.2.x branch) that is actively being maintained and is now available > in Debian. I

Re: [SECURITY] [DSA 1786-1] New acpid packages fix denial of service

2009-05-03 Thread Cyril Brulebois
Nico Golde (04/05/2009): > * Steffen Joeris [2009-05-04 05:25]: > > > > Debian Security Advisory DSA-1786-1 secur...@debian.org > > http://www.debian.org/security/ Steffen Joeris > > May

Re: mt-daapd #404640 introduces remote security hole

2009-04-01 Thread Cyril Brulebois
Alexander Kurtz (01/04/2009): > since it took more than half a year until someone responded to the > initial mail of #404640 and there are still SERIOUS REMOTE SECURITY > ISSUES UNFIXED, I thought I'd just drop a link: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404640 YOU MUST BE KIDDIN

Re: [LI#NCE-fWtY2-534] [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities

2009-03-11 Thread Cyril Brulebois
Dan Bassett (11/03/2009): > First of... > HAHAHAHAHAHHAHAHAHAAHAHA Ah? > Secondly, not on any of our servers... Hm, we don't care? Mraw, KiBi.

Re: [Koumbit #27201] [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability

2009-03-02 Thread Cyril Brulebois
Antoine Beaupré via RT (02/03/2009): > Status: resolved Status: we-don’t-care Fix your mail setup. Mraw, KiBi.

Re: New Etch Point Release

2009-02-09 Thread Cyril Brulebois
Sythos (10/02/2009): > no lenny release as stable? :) Good things come to those… Mraw, KiBi.

Re: [SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities

2009-01-15 Thread Cyril Brulebois
Celejar (15/01/2009): > > (without any deb-src) It looks like the following does what you want: > > | grep-status -sPackage -F Package $source_package > > > > Works for me with blender, xulrunner, graphviz as source package names. Bleh. Needed sleep :) Make “-F Package” become “-F Source”. Unfo

Re: [SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities

2009-01-15 Thread Cyril Brulebois
Celejar (15/01/2009): > Is there any automatic way to check whether a given system has any of > the binary packages built from a given source package installed? (without any deb-src) It looks like the following does what you want: | grep-status -sPackage -F Package $source_package Works for me w

Re: [SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities

2009-01-14 Thread Cyril Brulebois
Celejar (14/01/2009): > > We recommend that you upgrade your xulrunner packages. > > On my Sid box, I only have 'xulrunner-1.9' from the official repo, and > xulrunner only from 'debian-multimedia.org'. That's the source package name. Binaries built from this source: | $ LANG=C apt-cache showsrc

Re: Freeze exceptions for iceape/iceweasel/xulrunner?

2009-01-09 Thread Cyril Brulebois
Francesco Poli (10/01/2009): > On the other hand iceape [2], iceweasel [3], and xulrunner [4] seem to > be in freeze, even though their unstable versions fix many > vulnerabilities. > > Have freeze exceptions been already requested for them? http://lists.debian.org/debian-release/ (no) > Other

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

2008-12-10 Thread Cyril Brulebois
Dominic Hargreaves <[EMAIL PROTECTED]> (10/12/2008): > Looks like it is in the etch-proposed-updates/etch dist, though, if > you wanted it. Volatile admins, is there something wrong with this > package or has it just been forgotten about? Correct according to: http://release.debian.org/proposed-up

Re: md5 hashes used in security announcements

2008-10-24 Thread Cyril Brulebois
Florian Weimer <[EMAIL PROTECTED]> (24/10/2008): > I don't know to which address you sent the address, so I don't know if > it's been overlooked. [EMAIL PROTECTED] aka. http://lists.debian.org/debian-security/2008/10/msg00030.html Mraw, KiBi.

Re: [DSA 1629-1] Etch postfix packages older than base

2008-08-19 Thread Cyril Brulebois
Ewen McNeill <[EMAIL PROTECTED]> (19/08/2008): > Would it be possible to rerelease this fix for Debian Etch with a > higher package version number? Either 2.3.8-3etch1 or 2.3.8-2+b1etch1 > or similar would seem to do. #495604 is pending. Mraw, KiBi.

Re: 17 updates for Etch?!?! ¡!¡¡111oneonelevenoneone

2008-07-26 Thread Cyril Brulebois
Jim Popovitch <[EMAIL PROTECTED]> (26/07/2008): > WTF?!?!? Were all those apps + kernel updated today? Point release, see [1]. I guess the announcement is on its way. Might be sent once most architectures have all packages built. 1. http://www.philkern.de/weblog/en/debian/etch_4.0r4.html Mraw,

Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Cyril Brulebois
On 13/05/2008, Stephane Bortzmeyer wrote: > By the way, the page > has a link > http://security-tracker.debian.org/, labeled "The Debian Security > Tracker has the canonical list of CVE names, corresponding Debian > packages," and this link is brok

Re: [SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities

2008-01-18 Thread Cyril Brulebois
On 18/01/2008, Adrian Minta wrote: > After this update vlc and possible other programs will not work > anymore. #461410. Cheers, -- Cyril Brulebois

Re: [SECURITY] [DSA 1375-1] New OpenOffice.org packages fix arbitrary code execution

2007-09-20 Thread Cyril Brulebois
update your local copy of his key? Cheers, -- Cyril Brulebois